On 20 March 2018 at 14:05, Aaron Conole <acon...@redhat.com> wrote:
> The rpm doesn't invoke all of the required selinux helpers to enact labeling
> or relabeling on all versions of Fedora/RHEL.  According to:
>   https://fedoraproject.org/wiki/SELinux/IndependentPolicy
>
> This commit switches to use the selinux rpm macros which will ensure that
> all of the labels defined in the .fc.in file are applied properly.

Ok, it seems you need to send a similar patch for
rhel/openvswitch.spec.in, not only for Fedora.

In the meantime I will later try to add fedorabuilder to the Vagrant
builder recipes and test what you have for Fedora.

Also, why was I able to reload the openvswitch kernel module on CentOS
without the ovs-kmod-ctl being properly marked? Are there some rules
that we would need to remove now from openvswitch.te?

>
> Signed-off-by: Aaron Conole <acon...@redhat.com>
> ---
>  rhel/openvswitch-fedora.spec.in | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/rhel/openvswitch-fedora.spec.in b/rhel/openvswitch-fedora.spec.in
> index 8fbc985ce..b606cb7e0 100644
> --- a/rhel/openvswitch-fedora.spec.in
> +++ b/rhel/openvswitch-fedora.spec.in
> @@ -340,6 +340,9 @@ rm -f $RPM_BUILD_ROOT%{_bindir}/ovs-parse-backtrace \
>  %clean
>  rm -rf $RPM_BUILD_ROOT
>
> +%pre selinux-policy
> +%selinux_relabel_pre -s targeted
> +
>  %preun
>  %if 0%{?systemd_preun:1}
>      %systemd_preun %{name}.service
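
Review bot: `%selinux_relabel_pre -s targeted` in the new `%pre selinux-policy` is used unconditionally, while the `%preun` right below it guards its macro with `%if 0%{?systemd_preun:1}`. If the build host does not define the selinux macros, rpm leaves the line unexpanded in the scriptlet and `%pre` fails when the package is installed. Either add a BuildRequires on the package that ships these macros, or guard the call the way the systemd macros are guarded.
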
> @@ -444,7 +447,7 @@ fi
>  %endif
>
>  %post selinux-policy
> -/usr/sbin/semodule -i 
> %{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp &> /dev/null || :
> +%selinux_modules_install -s targeted 
> %{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp
>
>  %postun
>  %if 0%{?systemd_postun:1}
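
Review bot: the `+%selinux_modules_install -s targeted` line in `%post selinux-policy` pins the policy store, where the removed `semodule -i` call let semodule use the store of the configured policy type. That is a behaviour change for hosts not running the targeted policy, and the commit message does not mention it. The same literal is repeated in all four scriptlets, so consider a single `%global selinuxtype targeted` at the top of the spec with `-s %{selinuxtype}` here, and say in the commit message that only targeted is supported.
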
> @@ -476,9 +479,12 @@ fi
>
>  %postun selinux-policy
>  if [ $1 -eq 0 ] ; then
> -  /usr/sbin/semodule -r openvswitch-custom &> /dev/null || :
> +  %selinux_modules_uninstall -s targeted openvswitch-custom
>  fi
>
> +%posttrans selinux-policy
> +%selinux_relabel_post -s targeted
> +
>  %files selinux-policy
>  %defattr(-,root,root)
>  %{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp
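
Review bot: the new `%posttrans selinux-policy` with `%selinux_relabel_post -s targeted` only does its job together with the `%pre selinux-policy` added in the first hunk, which sits more than a hundred lines earlier in the spec. `%selinux_relabel_pre` saves the file contexts that `%selinux_relabel_post` later compares against, so dropping or moving one half silently disables the relabel. Please add a short spec comment above `%posttrans selinux-policy` stating that dependency.
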
> --
> 2.14.3
>
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
